CISA urges urgent SharePoint patching after active exploits spotted

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm over three SharePoint Server vulnerabilities that are already being exploited in the wild. The agency has ordered federal agencies to apply fixes by June 18, warning that internet-facing on-premises instances are prime targets for attackers.
A race against opportunistic raids
CISA’s warning arrives amid reports of real-world attacks leveraging these flaws, which remain unpatched on many corporate servers. The agency has added the trio to its Known Exploited Vulnerabilities (KEV) catalog, a list of bugs that pose “significant risk” to federal networks and, by extension, any organization running exposed SharePoint servers. Microsoft has already released security updates, but analysts note that many organizations delay patches or overlook remote endpoints—precisely the weak spots attackers are now probing.
Why this is more than a compliance checkbox
The move underscores a broader trend: attackers increasingly favor SharePoint as an entry point because it often bridges internal networks and external services. Unlike cloud-based versions, on-premises SharePoint instances can remain exposed if administrators neglect firewall rules or skip timely updates. Security teams must now prioritize these patches not only to meet CISA’s deadline but to prevent credential theft, data exfiltration, or ransomware deployment down the line.
Why it matters
This incident highlights how legacy on-premises infrastructure can become a liability even when cloud alternatives exist. For organizations running SharePoint Server, the stakes are immediate: unpatched servers risk compromise within days, not months. CISA’s KEV list is more than a guideline—it’s a clear signal that these flaws are being weaponized today, making rapid patching a non-negotiable priority.
Source: BleepingComputer. AI-assisted editorial synthesis — TechnoExpress.

